All entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media.

Require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed.

IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

Compliance:

This act sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

What does HIPAA Cover?

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone with access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

A good API makes it easier to develop a program by providing all the building blocks.

Privacy & Security:

The rule addresses the saving, accessing and sharing of medical and personal information of any individual.

Safeguards:

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services.

The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

A good API makes it easier to develop a program by providing all the building blocks.

A supplemental act was passed in 2009 called The Health Information Technology for Economic and Clinical Health (HITECH) Act which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and increased use, storage and transmittal of electronic health information.

Resources: U.S. Department of Health and Human Services.

Why Curare Telehealth ?

Customer Success Commitment

At Curare, customer success means you achieve the value you expect from our telehealth software.

Support & Training

Curare provides its clients with support and training designed to give your practice and patients the opportunity to take advantage of your telehealth program from Day 1.

Scale & Resources To Deliver

Curare is a strong, growing company with the scale, time, and resources needed to invest in your success.